There is 1 repository under the auditd topic.
A Linux Auditd rule set mapped to MITRE's ATT&CK Framework
Ansible role to apply a security baseline. Systemd edition.
go-libaudit is a library for communicating with the Linux Audit Framework.
Hardening the Linux operating system for Debian like distributions.
Demo for Elastic's Auditbeat and SIEM
ArchLinux setup which focuses on desktop security
Proof-of-Concept to evade auditd by writing /proc/PID/mem
Proof-of-Concept to evade auditd by tampering via ptrace
Ansible role to install auditbeat for security monitoring. (Ruleset included)
Install and configure auditd on your system.
A small Go program to read /var/log/audit/audit.log
Installs 7.X ELK Stack on CentOS, RHEL, Ubuntu, or Debian
An Ansible Role that installs Auditbeat on RedHat/CentOS or Debian/Ubuntu.
Simple alpine image with auditd; its intended usage is in combination with docker-desktop kubernetes to allow building seccomp profiles with the kubernetes-sigs/security-profiles-operator
:eyes: File monitoring software that will log file access to configured directories on the system.
Notes about linux-audit subsystem (kernel & userspace)
CMAuditd (version 2) is a free and open-source GUI designed to be used with Auditd, which is the userspace component of the Linux Auditing System. It provides more functionality and a better interface than its previous version.
An Ansible Role to install and configure audit.
An Autopsy data source ingest module for detection of IOCs in EVTX for Windows and Auditd for Linux based on SIGMA Rules.
Python script to notify about successful SSH logins